Personal data loss: High-tech firms lead the pack

With much of the world today practically living in the digital world, there has been an increasing emphasis on privacy and security. Yet it seems that these concerns are on the user end and not on companies, given by the fact that more and more data is being lost. But who has been responsible personal data loss and why aren’t they doing anything about it?

According to a report from the InfoWatch Analytical Centre, in 2016, high-tech companies accounted for almost 75% of all globally compromised data (2.3 billion records), 87% of which were personal data. Much of the information is only now surfacing, since companies that have had the data stolen often cover it up, or are not even aware of it sometimes.

According to Sergey Khayruk, Analyst at InfoWatch Group, more leaks and compromised data are being seen in the high-tech companies than ever before. This is where information, including customer data, is usually a key asset, and therefore any leak can have a disastrous impact on business.

Leaks by information type, 2015-2016 (Source: InfoWatch)

“In 2016, personal data of hundreds of millions of users were stolen from popular social media, such as Facebook, Foursquare, GitHub, iCloud, LinkedIn, MySpace, Snapchat, Telegram, Tumblr, and Twitter. Moreover, hackers successfully attacked the largest email services, including Gmail, Hotmail, Yahoo, and Mail.ru, and pilfered customer details from telecom companies, such as Deutsche Telekom, Three UK, Verizon, and others,” said Khayruk.

31 mega leaks in 2016 compromised more than 95% of data leaked in the high-tech sector, with 10+ million records leaked in each such case. Attackers compromised much more personal data, while the shares of payment details, trade secrets, and know-how shrank in the total number of leaks.

Despite the growing number of leaks caused by external attackers, insider-enabled leaks are no less dangerous for high-tech companies. Thus, even though the high-tech sector suffered 15% more leaks by third parties compared to 2015, the leak damage breakdown by attack vector remained almost the same.

“IT market players aggregate huge volumes of user data and thus are eager to use Big Data to analyze structured and unstructured information and other tools, which dramatically evolved in terms of technology and functionality,” noted Khayruk.

“However, the more data is being generated, processed, and stored, the higher the risk of external attacks on corporate resources. At the same time, internal offenders gain more ground, forcing IT companies to use not only effective tools to combat attacks, but also advanced multi-functional DLP systems. Moreover, the soaring number of skilled leaks calls for adding User Behavior Analytics (UBA) to the existing cybersecurity toolbox.”